The Code which was found in Ransomware also found in code used by the Lazarus Group, a hacking group linked to North Korean Government.
Lazarus Group is a North Korean hacking group allegedly supported by the North Korean government, Symantec reported in March, that this group was behind the massive bank attacks in 31 countries including the central bank of Bangladesh. The group was blamed for stealing money from the banks around the world. Symantec analysed the codes found in the attack and was pretty sure its Lazarus the north Korean hacking group.
Now in the recent cyber-attack ransomware, the same group is being suspected. According to the security researchers, they have found the evidence that suggests Lazarus group is behind the WannaCry ransomware cyber attack.
Google’s security researcher Neel Mehta discovered the computer code which was found in WannaCry malware, it was identical to the code used by Lazarus group. Mehta, mentioned it in a tweet on Monday.
9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598
ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4#WannaCryptAttribution
— Neel Mehta (@neelmehta) May 15, 2017
The code which was found in WannaCry ransomware was actually discovered in earlier version of the malware, the recent versions doesn’t carry that code which indicates that hackers tricked researchers to divert their attention. Many researchers at antivirus company Kaspersky Lab say; It could be possible but not too certain.
There is still more research required to come to the conclusion that Lazarus is the culprit behind it, so far Neel’s discovery is the latest finding to the case which is a significant clue to date in order to track the origin of the WannaCry.
Ransomware is a malware used Microsoft windows loopholes to start attack which spreads across network, if the computer is connected with a network the whole network is subject to be affected with the virus. When it hits it locks down the computer it asks for ransom payment of $300 via Bitcoin, a digital currency which itself untraceable is running on the internet.
Estimated revenue could be as much as $1 billion of all the ransoms are paid.
Nearly, 150 countries and more than 300,000 computers were hit by this virus since last Friday, although its slowed down now but the fear remains to continue. North Korea has been blamed and confirmed many times for cyber-attacks all over the world, the hacking of Sony pictures network in 2014 was also triggered by North Korean group. The data of 47,000 employees was stolen from this attack.